When you’re making an app that uses credentials to access some service, in the early stages of development before any code to access a config-file is written, a username and password are occasionally hard-coded in the source.

Since you use version control like all good developers, it’s possible these hardcoded credentials get committed. This poses a grave security risk, especially if you want to open source the code including the repository.

Here’s how to remove a password from any file, in all revisions, in a git repository:

In this post I present the development model that I’ve introduced for all of my projects (both at work and private) about a year ago, and which has turned out to be very successful. I’ve been meaning to write about it for a while now, but I’ve never really found the time to do so thoroughly, until now. I won’t talk about any of the projects’ details, merely about the branching strategy and release management.